lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Fri, 4 Jan 2008 13:27:51 -0800 (PST)
From: secreview <secreview@...hmail.com>
To: full-disclosure@...ts.grok.org.uk
Subject: [Professional IT Security Providers - Exposed]
	Syrex ( B )

Syrex, located at http://www.syrex.com, is a quality Professional IT
Security Services Provider that offers Risk Assessments, Risk
Mitigation, Security Management, Security Training and Incident
Response as well as advanced networking services. We found Syrex
because they came to us and requested that we perform a review, so here
are the results.Looking at the Syrex website was refreshing in
comparison to some of the other websites that we've reviewed. Not only
was theirs written clearly, but the services were well defined and the
content was complete. It is also clear that Syrex is ready to service a
wide range of companies based on the structure of their service
offerings. For example, under the Risk Assessment offering they have a
specific "Snapshot offering" to help meet the requirements of smaller
companies that can't afford a more intense service.Syrex is not your
average Professional IT Security Services Provider in that they do not
offer Penetration Testing or ethical hacking type services. They also
do not offer Web Application Security Assessments or source code
reviews (at least not yet). Instead, Syrex helps their customers by
performing complete or partial OSSTMM based security audits. The
results of those audits enables Syrex to enhance the overall security
of their customers IT Infrastructures by exposing weaknesses in
policies, proceedures, technologies, etc. and proving remediation
services. While these auditing services are not as technically deep as
penetration testing services, or web application security assessment
services, they do help to raise the proverbial security bar.When
speaking with the founder of Syrex, we learned that they do in fact
have talent. The founder himself has a deep understanding of Intrusion
Detection Systems ("IDS") and Intrusion Prevention Systems ("IPS"),
Security Information Management Systems ("SIMS"), network and routing
protocols, as well as key Cisco technologies like the ASA, Clean
Access, ACS, MARS, and CSM. In conjunction with this, he also has
experience as a programmer and understands quite a bit about malware,
viruses, and other malicious technologies. This is more than we can say
for a lot of the other companies that we've interviewed.Another thing
that we were impressed with during our telephone interview was the
amount of effort that Syrex put into being honest and ethical. On
multiple occasions they pointed out limitations in their service
capabilities, and at no point did they try to flaunt anything that they
were not certain about. This is the second company that we've
interviewed that did not make an effort to sound like they are the
best. Instead, they talk the talk and walk the walk.In conjunction with
the telephone interview and website review, we were given sample
reports and materials. When reviewing the reports it became immediately
clear that Syrex was focused on providing their customers with high
quality services that were in fact human driven. The reports were very
obviously not the product of automated tools, but instead were the
product of human talent. Again, this is more than we can say for a lot
of the companies that we review. Most companies these days seem to rely
heavily on automation and have little to no real human talent.All in
all we would recommend using Syrex if you are looking to increase your
levels of security. They will help you define methods for properly
managing and maintaining your network, people and information, all the
wile being honest and ethical. We almost feel bad giving Syrex a B
instead of an A, but they are missing research and development
capabilities, as well as advanced service delivery capabilities. Other
than that, great company! Keep up the good work Syrex!Score Card (
Click to Enlarge )

--
Posted By secreview to Professional IT Security Providers - Exposed at
1/04/2008 01:24:00 PM
Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ